Compliance does not equal security

Discussion in 'CSO' started by RSS, Jan 12, 2016.

  1. RSS

    A security manager needs a philosophy about how to address security issues, and I find that many elements of mine can be reduced to a few words that almost amount to mantras: “Obey the rule of least privilege,” “A company is only as strong as its weakest link,” “Security is a process, not a point solution” and “Trust but verify.”

    This week I added a new mantra: “Compliance does not equal security.”

    Trouble Ticket

    At issue: The company has to meet the requirements for a tougher certification of its credit card-handling practices. But at the end of the day, those requirements don’t seem tough enough.
